14

If Tor is able to hide the IP address of the machine and make us anonymous, then does it prevent the ISP from tracking us?

Anders
Sivaram Rasathurai

2 Answers

16

You cannot hide how much data you are sending and when you are online. But, Tor encrypts data and sends it through proxies before it reaches the target server, so that hides the contents of the communication and to which website or server you are talking. You can also try to hide that you are using Tor, but this is difficult and a determined ISP will be able to determine that you are using Tor.

The first proxy will decrypt the outer layer of encryption and send it on to a middle proxy. The middle proxy does the same and sends it on to the final proxy. The final proxy finally decrypts your original request, so be aware that they can see the contents of what you are sending and to which website or server it is being sent. But they don't know that it came from you.

Note that, while the final proxy can see the contents, if you use "https" then the contents are still encrypted. I would not do internet banking over Tor unless you know very well what you should be checking (IDN homoglyph attacks, the certificate, perhaps other things), but generally speaking: https encrypts your communication. They can still see which website you are talking to, though, since contents encryption does not hide routing information (the page request, form data, etc. still needs to get to the right website).

See also the top hit on duckduckgo for "tor isp tracking": Does my ISP know what sites I have visited if I am using Tor?

Luc
  • I would add that the server certificate is sent in cleartext - even if it is cryptographically signed - so the final node (a.k.a. exit node) will know which website is accessed in HTTPS (but not the content itself) – John Kravicz Feb 03 '20 at 13:11
  • @JohnKravicz Good point, it's kind of covered by that "they can see [...] and to which website or server it is being sent" but I could be more clear in that paragraph about https because encryption does not hide routing information. Will update, thanks. – Luc Feb 03 '20 at 13:19
  • @Luc Thanks for this clarification. Finally, the ISP only knows we are using Tor. Other details cannot be obtained by the ISP. Is that the final conclusion? – Sivaram Rasathurai Feb 03 '20 at 13:43
  • @JohnKravicz: for TLS1.3 (now 20% of top 150k per qualys) the cert is encrypted, and even below that many sites are on shared hosting or CDN where the cert has 10s or 100s of unrelated names. OTOH SNI contains the exact hostname (except for HTTP2) in clear, except in 1.3 if both endpoints implement ESNI which is still fairly rare -- and requires an extra, host-specific DNS request (which is clear unless you use e.g. DoH). – dave_thompson_085 Feb 04 '20 at 03:08
  • @dave_thompson_085 "*for TLS1.3 (now 20% of top 150k per qualys) the cert is encrypted*" I know you qualify it later but leading with that stat is a bit misleading. Taking a random website with TLS1.3 (my own), I totally see the hostname in plain text in the network traffic. Screenshot: https://lgms.nl/files/TLS1.3SNI.png (103K, PNG) – Luc Feb 04 '20 at 08:22
  • @Luc: which was stated in the second sentence of my comment – dave_thompson_085 Feb 06 '20 at 09:32
  • If you also run a tor middle node, the ISP does not really see when or if you are doing something. – bot47 Feb 08 '20 at 05:25
2

An ISP has its own set of rules on privacy, which aim to protect your sensitive data. Which data can be tracked by the ISP:

  • The URLs you visit online
  • The pages you visit most frequently
  • online/offline habits (when you typically log in and off)
  • How much time you spend on certain web pages

More than that, it could track the following information if the user still does not care about his privacy:

  • specific current location (if location services are turned on)
  • personal relationships
  • phone numbers
  • email
  • social media data

Here are some methods to help stop your ISP from tracking you:

  • Use HTTPS: To be clear, using HTTPS does not mean that everything you do online will be encrypted. Using HTTPS instead of HTTP ensures that your data is encrypted before transferring it, thus making it more secure. You can install the Chrome and Firefox extension HTTPS Everywhere to ensure this always happens.
  • Use Tor to browse anonymously: Tor is a wide network of virtual tunnels that allow you to browse the internet without leaving any traces. Once you download Tor, you will get directed to a special browser called TorBrowser. This browser will provide you with a protected IP address which is different from your own. Within this browser, you can use the internet anonymously. Tor hides the identity of who you're connecting to (the webserver), so no issues there. Additionally, since Tor encrypts your traffic your ISP can't see your HTTP requests, so they can't see what websites you're trying to download.
  • Use off-shore VPNs: Off-shore VPNs like BolehVPN and NordVPN do not log any kind of access you make online.
  • Adjust your DNS: As we’ve seen, the DNS is how your computer turns a web address, e.g. digital.com, into an Internet Protocol address that’s machine-friendly because it’s numerical (consider it like the internet’s version of a telephone book).

However, as we know, your PC usually uses the DNS of your ISP. While a VPN should alter this, you can make 100% sure by checking what DNS your computer is using before setting the DNS to a third-party DNS provider, like OpenDNS. It's important to reiterate that, by default, your computer's Internet connection will try to resolve DNS using servers that are often automatically set up during IP negotiation, and belong to your ISP.

Joe Smith